Cybersecurity Wiretap #3: From HijackLoader Updates to SocGholish focusing on zEus & TunnelVision (week of 05/06/2024)

Welcome to the weekly digest about cybersecurity and threats in the wild. Below you will find a very subjective summary of cybersecurity events from the prior week.

HijackLoader Updates by @Threatlabz

  • decrypts and parses a PNG image to load its next stage
  • adds dynamic API resolution, blocklisted-process checking, and user-mode hook evasion via Heaven's Gate (switching from 32-bit to 64-bit mode to call the kernel past hooks placed on the 32-bit API)

https://www.zscaler.com/blogs/security-research/hijackloader-updates
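
A loader that hides its next stage in a PNG leaves marks in the file's chunk structure. The script below is an added example, not code from this digest or from Zscaler's report, and it does not reproduce HijackLoader's specific embedding or decryption scheme (that is documented in the report). It is a generic triage pass that walks the chunk list and flags what carrier images tend to show: chunk types outside the PNG specification, CRC mismatches, an IDAT stream that does not inflate, or bytes stapled on after IEND. The sample image, the private chunk type `stEg` and the trailing bytes are constructed here for the demonstration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

# Chunk types defined by the PNG specification (critical chunks plus the
# registered ancillary ones). Anything outside this set deserves a look.
STANDARD_CHUNKS = {
    b"IHDR", b"PLTE", b"IDAT", b"IEND", b"tRNS", b"cHRM", b"gAMA", b"iCCP",
    b"sBIT", b"sRGB", b"tEXt", b"zTXt", b"iTXt", b"bKGD", b"hIST", b"pHYs",
    b"sPLT", b"tIME", b"eXIf",
}


def make_chunk(ctype: bytes, data: bytes) -> bytes:
    """Encode one PNG chunk: length, type, data, CRC32 over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def walk_png(blob: bytes):
    """Return ([(offset, type, data, crc_ok)], trailing_bytes).

    crc_ok is None for a chunk cut off by the end of the file. Walking stops
    at IEND, so anything after it comes back as trailing_bytes.
    """
    if not blob.startswith(PNG_SIG):
        raise ValueError("not a PNG: bad signature")
    chunks = []
    pos = len(PNG_SIG)
    while pos + 8 <= len(blob):
        length, ctype = struct.unpack(">I4s", blob[pos:pos + 8])
        start, end = pos + 8, pos + 8 + length
        if end + 4 > len(blob):
            chunks.append((pos, ctype, blob[start:], None))
            return chunks, b""
        data = blob[start:end]
        (stored_crc,) = struct.unpack(">I", blob[end:end + 4])
        crc_ok = (zlib.crc32(ctype + data) & 0xFFFFFFFF) == stored_crc
        chunks.append((pos, ctype, data, crc_ok))
        pos = end + 4
        if ctype == b"IEND":
            break
    return chunks, blob[pos:]


def triage_png(blob: bytes) -> list:
    """List structural anomalies that suggest the PNG is carrying foreign data."""
    chunks, trailer = walk_png(blob)
    findings = []
    for off, ctype, data, crc_ok in chunks:
        name = ctype.decode("latin-1")
        if crc_ok is None:
            findings.append(f"chunk {name} at offset {off} is truncated")
        elif not crc_ok:
            findings.append(f"CRC mismatch on chunk {name} at offset {off}")
        if ctype not in STANDARD_CHUNKS:
            findings.append(f"non-standard chunk {name} ({len(data)} bytes) at offset {off}")
    if trailer:
        findings.append(f"{len(trailer)} bytes appended after IEND")
    idat = b"".join(d for _, t, d, _ in chunks if t == b"IDAT")
    if not idat:
        findings.append("no IDAT chunk")
    else:
        try:
            zlib.decompress(idat)
        except zlib.error:
            findings.append("IDAT stream does not inflate (not real image data?)")
    return findings


def build_sample(extra_chunks=(), tail: bytes = b"") -> bytes:
    """Constructed 1x1 grayscale PNG, optionally with extra chunks before IEND
    and bytes appended after it. Test data only, not a real sample."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)  # 1x1, 8-bit, grayscale
    idat = zlib.compress(b"\x00\x00")                   # filter byte + one pixel
    body = make_chunk(b"IHDR", ihdr) + make_chunk(b"IDAT", idat)
    for ctype, data in extra_chunks:
        body += make_chunk(ctype, data)
    return PNG_SIG + body + make_chunk(b"IEND", b"") + tail


if __name__ == "__main__":
    clean = build_sample()
    # 'stEg' is a made-up private chunk type holding a fake blob; the bytes
    # after IEND mimic a payload stapled onto an otherwise valid image.
    carrier = build_sample([(b"stEg", b"MZ" + b"\x00" * 62)], tail=b"\x90" * 16)
    print("clean:", triage_png(clean) or "no findings")
    print("carrier:", triage_png(carrier))
```

Point `triage_png` at the bytes of any image dropped or downloaded by a suspicious process. A clean image returns an empty list; a non-standard chunk or data after IEND is where the next stage usually sits, and its XOR or RC4 key is then the thing to look for in the loader.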

CVE-2024-3661, a.k.a. TunnelVision, Exposes a VPN Bypass Vulnerability by @Threatlabz

  • a rogue DHCP server on the local network uses DHCP option 121 (classless static routes) to push routes more specific than the VPN's, so that traffic leaves the physical interface in cleartext instead of the VPN tunnel; the VPN's crypto is never broken, its routing is simply out-prioritised

https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability
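
The vulnerability rests on two facts: DHCP option 121 (RFC 3442) lets the DHCP server install arbitrary static routes on the client, and the kernel's longest-prefix match prefers a more specific route over the VPN's broader one. The decoder below is an added example, not code from this digest or from Zscaler's write-up. It parses option 121 and then reports which of the pushed routes would win against the route set the VPN installed. The option bytes, the router address 192.168.1.1 and the VPN route set (the 0.0.0.0/1 plus 128.0.0.0/1 split that many clients install instead of replacing the default route) are all constructed assumptions for the demonstration.

```python
import ipaddress

# Routes a typical VPN client installs to capture all traffic without removing
# the existing default route (the "def1" style 0.0.0.0/1 + 128.0.0.0/1 split).
# Assumed for this example; check what your client actually installs.
VPN_ROUTES = [ipaddress.IPv4Network("0.0.0.0/1"), ipaddress.IPv4Network("128.0.0.0/1")]

# Constructed option 121 payload, as a rogue DHCP server might send it:
#   0.0.0.0/0      via 192.168.1.1  (the ordinary default route, harmless)
#   203.0.113.0/24 via 192.168.1.1  (a targeted route, more specific than the VPN's)
#   128.0.0.0/2    via 192.168.1.1  (beats the VPN's 128.0.0.0/1)
SAMPLE_OPTION_121 = bytes.fromhex(
    "00 c0a80101"
    "18 cb0071 c0a80101"
    "02 80 c0a80101"
)


def decode_option_121(data: bytes):
    """Decode RFC 3442 classless static routes into (IPv4Network, IPv4Address) pairs.

    Each route is: 1 byte prefix length, ceil(prefix/8) significant destination
    octets, then a 4-byte router address. Malformed input raises ValueError.
    """
    routes = []
    i = 0
    while i < len(data):
        prefix_len = data[i]
        if prefix_len > 32:
            raise ValueError(f"bad prefix length {prefix_len} at offset {i}")
        n = (prefix_len + 7) // 8
        if i + 1 + n + 4 > len(data):
            raise ValueError(f"truncated route at offset {i}")
        dest = data[i + 1:i + 1 + n] + b"\x00" * (4 - n)
        router = data[i + 1 + n:i + 1 + n + 4]
        network = ipaddress.IPv4Network((int.from_bytes(dest, "big"), prefix_len), strict=False)
        routes.append((network, ipaddress.IPv4Address(router)))
        i += 1 + n + 4
    return routes


def routes_overriding_tunnel(dhcp_routes, vpn_routes):
    """Return the DHCP routes that sit inside a VPN route and are at least as
    specific. A more specific route wins by longest-prefix match; an equally
    specific one ties and is decided by metric, so it is flagged as well."""
    hits = []
    for network, router in dhcp_routes:
        if any(network.subnet_of(vpn) for vpn in vpn_routes):
            hits.append((network, router))
    return hits


if __name__ == "__main__":
    routes = decode_option_121(SAMPLE_OPTION_121)
    for net, gw in routes:
        print(f"{str(net):>18} via {gw}")
    for net, gw in routes_overriding_tunnel(routes, VPN_ROUTES):
        print(f"leaks past the tunnel: {net} via {gw}")
```

Feed `decode_option_121` the raw value of option 121 from a captured DHCP OFFER or ACK on a network you are assessing. The fix on the client side is not in this decoder: it is network namespaces, firewall rules that only permit the VPN's own egress, or ignoring option 121 while the tunnel is up, which is what the write-up discusses.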

Dissecting REMCOS RAT: An in-depth analysis of a widespread 2024 malware, P4 by @elasticseclabs

  • in-depth analysis of v4.9.3 with findings that should be of real use to the malware research community

https://www.elastic.co/security-labs/dissecting-remcos-rat-part-four

zEus Stealer Distributed via Crafted Minecraft Source Pack by #FORTIGUARD LABS

  • relatively simple attack flow, but it collects a wide variety of information that feeds the next attack and supports social engineering

https://www.fortinet.com/blog/threat-research/zeus-stealer-distributed-via-crafted-minecraft-source-pack

SocGholish Sets Sights on Victim Peers by @esthreat

  • used living-off-the-land techniques to collect sensitive credentials, and planted web beacons in email signatures and on network shares to map out local and B2B relationships

https://www.esentire.com/blog/socgholish-sets-sights-on-victim-peers

FIN7 Uses Trusted Brands and Sponsored Google Ads to Distribute MSIX Payloads by @esthreat

  • threat actors used malicious websites to impersonate brands like AnyDesk, WinSCP, BlackRock, Asana, Concur, The Wall Street Journal, Workable, and Google Meet

https://www.esentire.com/blog/fin7-uses-trusted-brands-and-sponsored-google-ads-to-distribute-msix-payloads

Thanks a lot for reading.
